02-13-2024 06:34 AM
Hello,
Due to the CVE-2024-20252 and CVE-2024-20254 vulnerabilities, Expressways must be updated at least to version 14.3.4
Our CUCM/IM&P cluster are in version 11.5.1.(SU10), (Expressways are in 14.0.3).
Can we update our Expressways to version 14.3.4 without having to upgrade the CUCM and IM&P?
I read the compatibility matrix but could not understand if versions are compatible.
We are about to upgrade the 11.5.1(SU10) servers in a couple of months but the SOC department push us hard to resolve the Expressway vulnerability asap.
Thank you very much.
02-13-2024 06:44 AM - edited 02-13-2024 06:51 AM
What's unclear?
Min. version is Expressway 12.5 for CUCM 11.5.
If you need more info, you have to go through the Expressway Release notes, admin guides, ...
The CSR compatibility matrix is not the only source, to check version compatibility.
And btw: Why do you want to upgrade to a 11.5 version? It's end of life and not supported anymore.
Save the time and upgrade to at least 12.5.
02-13-2024 06:58 AM
Thank you for your reply. I am planning of upgrading the CUCMs to 12.5 in the next 2-3 months but, there are 6 servers in the cluster, 2 IM&P, 2 Unity, 2 UCCX, 1 SME, 1 CUAC and csoc needs a fast resolution for the Expressway vulnerabilities.
02-13-2024 06:45 AM
I would say that you can upgrade to the 14.3.4 release.
02-13-2024 08:09 AM
Hi,
Yes there's no specifc compatibility issue with CUCM version. The only point you need to pay attention is to service you can offer with a specific CUCM Version with a Expressway release.
As @Roger Kallberg and @b.winter Suggested, An earlier version of CUCM is highly recommended even to solve security issues noticed on earlier releases.
Keep in mind that 12.5 CUCM version is in EoL https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-communications-manager-callmanager/v-12-5-on-premises-calling-applications-eol.html
HTH
Regards
Carlo
02-13-2024 09:50 AM - edited 02-13-2024 09:51 AM
If your Security Operations Center (SOC) team is concerned about the Expressway vulnerabilities, it’s worth considering why they haven’t addressed the use of an End-of-Life (EOL) release of CUCM. Currently, CUCM 11.5 is set to reach EOL on May 31, 2024, and even if you upgrade to CUCM 12.5, it will also reach EOL by August 31, 2025. Without an active support contract attached to your CUCM, you are indeed risking your environment without support from Cisco.
Regarding the use of Expressway for Mobile and Remote Access (MRA), the release note emphasizes that for accessing the latest features and functionality, it’s recommended to deploy Expressway in conjunction with the latest version of UCM. However, Expressway remains backward compatible with earlier versions of UCM.
releases as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide